As far as I can tell Bitwarden doesn't inject any scripts. I know people complain it doesn't have that overlay like LastPass has but Bitwarden not having might be a plus now.
The original VICE article said it was $16 and they can take as many accounts as they want. It seems worth it to me.
If we all agree it's not secure then why do we keep using it? I rather have a unique password then rely on SMS anything especially if that account allows you to reset your password by SMS.
username + unique password would be better than all the other options listed. Adding SMS seems to add new points of attack that either hurt the user or just delays the hurting.
It doesn't stop it but delays it. The attacker seeing a SMS 2FA screen doesn't mean they give up, it just means the user is now more valuable. This explains it https://passwordbits.com/dont-need-sms-2fa/
The paper also said, "websites should eliminate SMS based MFA altogether".
Report for child labor!
It's too expensive for what it does and don't trust it mostly from its auto password changer does it on their servers.
Can we not submit to Google to shut down for spreading malware or get the domain registrar involved?
As far as I can tell Bitwarden doesn't inject any scripts. I know people complain it doesn't have that overlay like LastPass has but Bitwarden not having might be a plus now.
The original VICE article said it was $16 and they can take as many accounts as they want. It seems worth it to me.
If we all agree it's not secure then why do we keep using it? I rather have a unique password then rely on SMS anything especially if that account allows you to reset your password by SMS.
username + unique password would be better than all the other options listed. Adding SMS seems to add new points of attack that either hurt the user or just delays the hurting.
It doesn't stop it but delays it. The attacker seeing a SMS 2FA screen doesn't mean they give up, it just means the user is now more valuable. This explains it https://passwordbits.com/dont-need-sms-2fa/
The paper also said, "websites should eliminate SMS based MFA altogether".
Report for child labor!
It's too expensive for what it does and don't trust it mostly from its auto password changer does it on their servers.
Can we not submit to Google to shut down for spreading malware or get the domain registrar involved?